Retire some issues

1 files changed, 16 insertions, 0 deletions

diff --git a/retired/CVE-2018-10021 b/retired/CVE-2018-10021
new file mode 100644
index 00000000..7b66a887
--- /dev/null
+++ b/retired/CVE-2018-10021
@@ -0,0 +1,16 @@
+Description: scsi: libsas: defer ata device eh commands to libata
+References:
+ https://bugzilla.suse.com/show_bug.cgi?id=1089281#c1
+Notes:
+ carnil> Negligable security impact, failure can only occur for physically
+ carnil> proximate attackers who unplug SAS Host Bus Adapter cables.
+ bwh> The vulnerable code was added in Linux 3.4.
+Bugs:
+upstream: released (4.16-rc7) [318aaf34f1179b39fa9c30fa0f3288b645beee39]
+4.9-upstream-stable: released (4.9.103) [e420d98384760f55ffac9951b9b5cccbf2edd752]
+3.16-upstream-stable: released (3.16.58) [scsi-libsas-defer-ata-device-eh-commands-to-libata.patch]
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.15.17-1) [bugfix/all/scsi-libsas-defer-ata-device-eh-commands-to-libata.patch]
+4.9-stretch-security: released (4.9.107-1)
+3.16-jessie-security: released (3.16.59-1)
+3.2-wheezy-security: N/A "Vulnerable code not present"